Exemplo n.º 1
0
        private static Role PrepareRules(string rolename)
        {
            SqlConnection sqlConnection = DBUtil.CreateConnection();
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = sqlConnection;
            cmd.Connection.Open();

            cmd.CommandText = @"
                SELECT PermissionId, GrantId FROM PermissionRules
                    WHERE RoleName = @RoleName
                    ORDER BY PermissionId, GrantId
                ";
            //USE PARAMETERS FOR SECURITY
            cmd.Parameters.Add(new SqlParameter("@RoleName", rolename.Trim()));
            SqlDataReader reader = cmd.ExecuteReader();

            Role role = new Role(rolename);
            while (reader.Read())
            {
                int permissionId = reader.GetInt32(0);
                int grantId = reader.GetInt32(1);

                role.Rules[permissionId].Grants[grantId] = true;
            }
            cmd.Connection.Close();

            return role;
        }
Exemplo n.º 2
0
        public static bool EditRole(Role role)
        {
            bool transactionStatus = false;
            SqlConnection sqlConnection = DBUtil.CreateConnection();
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = sqlConnection;
            cmd.Connection.Open();
            cmd.Transaction = sqlConnection.BeginTransaction("EditRole");

            try
            {
               cmd.CommandText = RemoveRulesSqlScript(role.Name);
               cmd.CommandText += CreateRoleSqlScript(role);
               cmd.ExecuteNonQuery();
               cmd.Transaction.Commit();

               transactionStatus = true;
               Refresh();
            }
            catch (Exception)
            {
                cmd.Transaction.Rollback();
            }

            return transactionStatus;
        }
Exemplo n.º 3
0
        private static string CreateRoleSqlScript(Role role)
        {
            string commandText = string.Empty;
            const string InsertQueryTemplate = @"
                    INSERT INTO PermissionRules (RoleName, PermissionId, GrantId)
                    VALUES ('{0}', {1}, {2});
                ";

            foreach (KeyValuePair<int, Rule> rule in role.Rules)
            {
                foreach (KeyValuePair<int, Grant> grant in Grant.Grants)
                {
                    if (rule.Value.HasGrants[grant.Value.Id] && rule.Value.Grants[grant.Value.Id])
                    {
                        commandText += string.Format(InsertQueryTemplate,
                                                role.Name,
                                                rule.Value.PermissionId,
                                                grant.Value.Id
                                        );
                    }
                }
            }

            return commandText;
        }
Exemplo n.º 4
0
        public static bool CreateRole(Role role)
        {
            bool transactionStatus = false;
            SqlConnection sqlConnection = DBUtil.CreateConnection();
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = sqlConnection;
            cmd.Connection.Open();
            cmd.Transaction = sqlConnection.BeginTransaction("CreateRole");

            try
            {
                System.Web.Security.Roles.CreateRole(role.Name);

                cmd.CommandText = CreateRoleSqlScript(role);
                cmd.ExecuteNonQuery();
                cmd.Transaction.Commit();

                transactionStatus = true;
                Refresh();
            }
            catch
            {
                System.Web.Security.Roles.DeleteRole(role.Name);
                cmd.Transaction.Rollback();
            }
            finally
            {
                sqlConnection.Close();
            }

            return transactionStatus;
        }